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ABSTRACT 


The  Secure  Data  Network  System  (SDNS)  project,  initiated  by  the  National 
Security  Agency  in  1986,  produced  a computer  network  security  architecture  within  the 
framework  of  the  International  Organization  for  Standardization  (ISO)  reference  model 
for  Open  Systems  Interconnection  (OSI).  The  security  protocol  at  layer  4 (SP4)  is  one 
element  of  the  SDNS  architecture  used  to  provide  security  services  at  the  Transport  Layer 
of  the  OSI  reference  model.  This  report  specifies  the  Protocol  Implementation 
Conformance  Statement  (PICS)  proforma  for  SP4.  When  the  PICS  proforma  is  completed 
for  an  SP4  implementation,  it  provides  a clear  and  concise  statement  of  capabilities,  useful 
in  a variety  of  situations  to  those  involved  in  the  production,  testing,  supply,  procurement, 
and  application  of  the  implementation. 

Key  Words:  Secure  Data  Network  System;  Security  Protocol;  Protocol  Implementation 
Conformance  Statement;  Computer  Network  Security;  Open  Systems 
Interconnection; 
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1. 


INTRODUCTION 


1.1  Background 

The  National  Institute  of  Standards  and  Technology  (NIST)  and  the  National 
Security  Agency  (NSA)  initiated  a joint  project  in  Computer  Network  Security  in  1984. 
The  project  was  based  on  the  recognition  that  a comprehensive  set  of  security  mechanisms 
is  needed  to  provide  cost  effective  access  control  to  data  in  geographically  distributed 
computer  networks.  While  the  detailed  security  mechanisms  can  differ  between  the 
classified  and  unclassified  communities  requiring  security,  both  communities  benefit  when 
commercial  computer  networks  are  developed  with  a common  security  architecture.  The 
NSA  initiated  the  Secure  Data  Network  System  (SDNS)  program  in  1986  as  a result,  at 
least  partially,  of  this  joint  project. 

Security  Protocol  4 (SP4)  [1,2]  is  one  element  of  the  SDNS  architecture  [3],  used 
to  provide  security  services  at  the  Transport  Layer  of  the  International  Organization  for 
Standardization  (ISO)  Basic  Reference  Model  (BRM)  for  Open  System  Interconnection 
(OSI)  [4].  SP4  consists  of  a simple  encapsulation/decapsulation  protocol  that  protects 
normal  Transport  Protocol  data  units  within  a cryptographically  secure  envelope.  SP4  is 
compliant  with  the  security  addendum  to  the  OSI  BRM  [5],  and  forms  the  basis  of  the 
emerging  ISO  standard  for  a Transport  Layer  Security  Protocol  [6].  SP4  extends  the  OSI 
Transport  connectionless  and  connection  oriented  standards  [7,8]  to  provide  or  support  the 
following  security  services  defined  in  the  security  addendum: 

(1)  Data  Integrity, 

(2)  Data  Confidentiality, 

(3)  Data  Origination  Authentication,  and 

(4)  Access  Control. 

1.2  Objectives 

This  report  specifies  the  Protocol  Implementation  Conformance  Statement  (PICS) 
proforma  for  SP4.  The  supplier  of  a protocol  implementation  which  is  claimed  to 
conform  to  the  SDNS  Standard  [1]  shall  complete  the  SP4  PICS  proforma.  A completed 
PICS  proforma  becomes  the  PICS  for  the  implementation  in  question.  The  PICS  is  a 
statement  identifying  the  capabilities  and  options  of  the  protocol  that  have  been 
implemented.  The  PICS  can  serve  a number  of  purposes,  including  as: 

(1)  a check  list  for  the  protocol  implementer,  to  reduce  the  risk  of  failure  to 
conform  to  the  standard  through  oversight; 
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(2)  a detailed  indication  for  the  supplier  and  receiver  of  the  implementation  of 
its  capabilities,  stated  relative  to  the  common  basis  of  understanding 
provided  by  the  standard  PICS  proforma; 

(3)  a basis  for  the  user  of  the  implementation  to  check  the  possibility  of 
interworking  with  another  implementation; 

(4)  the  basis  for  a protocol  tester  to  select  appropriate  tests  against  which  to 
assess  the  claim  for  conformance  of  the  implementation. 

The  remainder  of  this  report  defines  the  procedures,  format,  and  content  that 
comprise  the  SP4  PICS  proforma.  The  format  is  intended  to  follow  the  style  used  in  the 
PICS  proforma  for  the  transport  protocol  [9].  Most  of  the  content  is  derived  directly 
from  the  SP4  standard  [1].  Appendix  A provides  the  rationale  behind  the  content 
selection  and  explores  the  relationships  between  services,  protocol,  and  functions. 


2.  INSTRUCTIONS 

The  first  part  of  the  PICS  proforma,  the  Implementation  Identification,  is  to  be 
completed  as  indicated  with  the  information  necessary  to  identify  fully  both  the  supplier 
and  the  implementation.  The  main  part  of  the  PICS  proforma  is  a fixed-format 
questionnaire  divided  into  subclauses,  each  containing  a group  of  individual  items.  Answers 
to  the  questionnaire  items  are  to  be  provided  in  the  rightmost  column,  either  by  simply 
marking  an  answer  to  indicate  a restricted  choice  (usually  "Yes"  or  "No"),  or  by  entering 
a value  or  a set  or  range  of  values.  Note  that  there  are  some  items  where  two  or  more 
choices  from  a set  of  possible  answers  can  apply.  Therefore,  all  relevant  choices  are  to 
be  marked. 

Each  item  is  identified  by  an  reference  index  in  the  first  column;  the  second  column 
contains  the  item  to  be  addressed;  the  third  column  contains  the  reference(s)  to  the 
location  of  the  item  in  the  main  body  of  the  standard.  For  optional  items,  additional 
columns  indicate  the  status  of  the  item  (i.e.,  whether  support  is  optional,  or  conditional), 
and  the  degree  of  support  for  the  item  (i.e.,  either  a Yes/No  indication  of  support,  or 
space  to  specify  implementation  support  details). 


The  following  standard  PICS  proforma  notations  [10]  appear  in  the  status  column: 


Svmbol 

Meaning 

m 

mandatory 

o 

optional 

- 

not  applicable  (N/A) 

o.<n> 

optional,  but  support  of  at  least  one  of  the  group  of  options  labelled 
by  the  same  numeral  <n>  is  required 
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Symbol  Meaning  Tcontinued) 

<cid>:  conditional  requirement,  according  to  the  condition  or  item  index 

identified  by  <cid> 

<item>::  simple  predicate  condition,  dependent  on  the  support  marked  for 

<item> 


3.  IDENTIFICATION 

Table  1 provides  the  format  for  identifying  the  implementation  and  its  supplier. 
Only  the  first  three  items  are  required  for  each  implementation.  Other  information  may 
be  completed  as  appropriate  in  meeting  the  requirements  for  full  identification.  The 
terms  "Name"  and  "Version"  should  be  interpreted  appropriately  to  correspond  with  a 
supplier’s  terminology  (e.g.,  using  Type,  Series,  Model). 


Table  1:  SP4  Implementation  Identification 


Item 


Information 


Supplier 

Contact  point  for  queries  about 
this  PICS 

Implementation  Name(s)  and 
Version(s) 

Other  information  necessary  for 
full  identification  (e.g..  Name’s 
and  Version(s)  for  machines  and 
operating  systems.  System  Name(s)) 


4.  GENERAL  STATEMENT  OF  CONFORMANCE 

Table  2 that  follows  codifies  the  general  statement  of  conformance  for  the 
implementation. 
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Table  2:  General  Conformance  Statement 


Index 

Item 

Support 

COTP 

Does  the  implementation  claim 
conformance  with  ISO/IEC  8073? 

Y 

N 

COMAN 

Are  all  mandatory  features  of 
ISO/IEC  8073  implemented? 

Y 

N 

CLTP 

Does  the  implementation  claim 
conformance  with  ISO/IEC  8602? 

Y 

N 

CLMAN 

Are  all  mandatory  features  of 
ISO/IEC  8602  implemented? 

Y 

N 

SP 

Does  the  implementation  claim 
conformance  with  SDN-401? 

Y 

N 

SPMAN 

Are  all  mandatory  features  of 
SDN-401  implemented? 

Y 

N 

5.  PROTOCOL  IMPLEMENTATION 

Table  3 identifies  the  classes  of  the  connection  oriented  Transport  Protocol 
(COTP::)  supported  by  the  implementation,  with  regard  to  their  use  with  either  a 
connection  oriented  network  service  (CONS)  or  a connectionless  network  service  (CLNS). 


Table  3:  COTP  Classes  Implemented 


Index  Transport  Class  Support 


CO 

Class  0 SP4-CONS 

Y 

N 

Cl 

Class  1 SP4-CONS 

Y 

N 

C2 

Class  2 SP4-CONS 

Y 

N 

C3 

Class  3 SP4-CONS 

Y 

N 

C4 

Class  4 SP4-CONS 

Y 

N 

C4L 

Class  4 SP4-CLNS 

Y 

N 
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6. 


SECURITY  SERVICES  SUPPORTED 


The  following  set  of  tables,  4 through  6,  identify  for  each  class  of  the  connection 
oriented  Transport  Protocol  (COTP::),  the  security  services  available  through  SP4  and 
their  level  of  support  by  the  implementation.  The  security  services  listed  are  taken  from 
the  security  addendum  to  the  OSI  BRM  [2]. 


Table  4:  Service  Element  Proforma  for  CO 


Index 

Service  Element 

Status 

Support 

TOSEO 

Confidentiality 

0.1 

Y 

N 

TOSEl 

Connection  Confidentiality 

TOSEO:m 

Y 

N 

T0SE2 

Connectionless  Confidentiality 

- 

T0SE3 

Integrity 

0.1 

Y 

N 

T0SE4 

Connection  Integrity  w Recovery 

- 

T0SE5 

Connection  Integrity  wo  Recovery 

- 

T0SE6 

Connectionless  Integrity 

T0SE3:m 

Y 

N 

T0SE7 

Data  Origination  Authentication 

m 

Y 

N 

T0SE8 

Access  Control 

o 

Y 

N 

Table  5:  Service  Element  Proforma  for  Cl,  C2,  C3 


Index 

Service  Element 

Status 

Support 

T3SE0 

Confidentiality 

0.1 

Y 

N 

T3SE1 

Connection  Confidentiality 

T3SE0;m 

Y 

N 

T3SE2 

Connectionless  Confidentiality 

- 

T3SE3 

Integrity 

0.1 

Y 

N 

T3SE4 

Connection  Integrity  w Recovery 

- 

T3SE5 

Connection  Integrity  wo  Recovery 

T3SE3:o.2 

Y 

N 

T3SE6 

Connectionless  Integrity 

T3SE3:o.2 

Y 

N 

T3SE7 

Data  Origination  Authentication 

m 

Y 

N 

T3SE8 

Access  Control 

0 

Y 

N 
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Table  6:  Service  Element  Proforma  for  C4,  C4L 


Index 

Service  Element 

Status 

Support 

T4SE0 

Confidentiality 

0.1 

Y 

N 

T4SE1 

Connection  Confidentiality 

T4SE0:m 

Y 

N 

T4SE2 

Connectionless  Confidentiality 

- 

T4SE3 

Integrity 

0.1 

Y 

N 

T4SE4 

Connection  Integrity  w Recovery 

T4SE3:o.2 

Y 

N 

T4SE5 

Connection  Integrity  wo  Recovery 

- 

T4SE6 

Connectionless  Integrity 

T4SE3:o.2 

Y 

N 

T4SE7 

Data  Origination  Authentication 

m 

Y 

N 

T4SE8 

Access  Control 

0 

Y 

N 

The  following  table  identifies,  for  the  connectionless  Transport  Protocol  (CLTP::), 
the  security  services  available  through  SP4  and  their  level  of  support  by  the 
implementation. 


Table  7;  Service  Element  Proforma  for  CLTP 


Index 

Service  Element 

Status 

Support 

TLSEO 

Confidentiality 

0.1 

Y 

N 

TLSEl 

Connection  Confidentiality 

- 

TLSE2 

Connectionless  Confidentiality 

TLSEO:m 

Y 

N 

TLSE3 

Integrity 

0.1 

Y 

N 

TLSE4 

Connection  Integrity  w Recovery 

- 

TLSE5 

Connection  Integrity  wo  Recovery 

- 

TLSE6 

Connectionless  Integrity 

TLSE3:m 

Y 

N 

TLSE7 

Data  Origination  Authentication 

m 

Y 

N 

TLSE8 

Access  Control 

o 

Y 

N 
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7. 


SUPPORTED  FUNCTIONS 


The  following  set  of  tables,  8 through  13,  identify  the  mandatory  and  optional 
functions  implemented  for  each  class  of  Transport  (COTP::)  supported. 


Table  8:  Mandatory  Functions  for  CO 


Index 

Function 

Ref 

TOFl 

verification  of  peer  address 

6.4 

T0F2 

reflection  detection 

6.3.2 

T0F3 

security  encapsulation 

5.5 

T0F4 

reporting  of  security  events 

Notes 

Table  9:  Optional  Functions  for  CO 


Index 

Function 

Ref 

Status  Support 

T0F5 

data  encipherment 

6.2 

0.1 

Y 

N 

T0F6 

integrity  protection 

6.3 

0.1 

Y 

N 

T0F7 

padding 

6.6 

o 

Y 

N 

T0F8 

explicit  security  labeling 

6.5 

o 

Y 

N 

Table  10:  Mandatory  Functions  for  Cl 


Index 

Function 

Ref 

TlFl 

verification  of  peer  address 

6.4 

T1F2 

reflection  detection 

6.3.2 

T1F3 

separation  after  decapsulation 

6.1 

T1F4 

security  encapsulation 

5.5 

T1F5 

reporting  of  security  events 

Notes 
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Table  11:  Optional  Functions  for  Cl 


Index  Function 


Ref  Status  Support 


T1F6 

data  encipherment 

6.2 

0.1 

Y 

N 

T1F7 

integrity  protection 

6.3 

0.1 

Y 

N 

T1F8 

pre-encapsulation  concatenation 

6.1 

o 

Y 

N 

T1F9 

padding 

6.6 

o 

Y 

N 

TIFIO  explicit  security  labeling 

6.5 

o 

Y 

N 

Table  12:  Mandatory  Functions  for  C2,  C3,  C4,  C4L 


Index 

Function 

Ref 

T4F1 

verification  of  peer  address 

6.4 

T4F2 

reflection  detection 

6.3.2 

T4F3 

separation  after  decapsulation 

6.1 

T4F4 

secure  multiplexing 

Implicit 

T4F5 

security  encapsulation 

5.5 

T4F6 

reporting  of  security  events 

Notes 

Table  13:  Optional  Functions  for  C2,  C3,  C4,  C4L 


Index  Function 

Ref 

Status  Support 

T4F7  data  encipherment 

6.2 

0.1 

Y 

N 

T4F8  integrity  protection 

6.3 

0.1 

Y 

N 

T4F9  integrity  sequence  number 

6.3.3 

o 

Y 

N 

T4F10  pre-encapsulation  concatenation 

6.1 

0 

Y 

N 

T4F11  padding 

6.6 

o 

Y 

N 

T4F12  explicit  security  labeling 

6.5 

o 

Y 

N 

T4F13  final  sequence  number  check 

6.3.3 

o 

Y 

N 

Tables  14  and  15  identify  the  mandatory  and  optional  functions  implemented  for 
the  connectionless  Transport  Protocol  (CLTP::). 
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Table  14:  Mandatory  Functions  for  CLTP 


Index 

Function 

Ref 

TLFl 

verification  of  peer  address 

6.4 

TLF2 

reflection  detection 

6.3.2 

TLF3 

security  encapsulation 

5.5 

TLF4 

reporting  of  security  events 

Notes 

Table  15:  Optional  Functions  for  CLTP 


Index  Function 


Ref  Status  Support 


TLF5 

data  encipherment 

6.2 

0.1 

Y 

N 

TLF6 

integrity  protection 

6.3 

0.1 

Y 

N 

TLF7 

padding 

6.6 

o 

Y 

N 

TLF8 

explicit  security  labeling 

6.5 

o 

Y 

N 

8.  SUPPORTED  PROTOCOL  DATA  UNITS  (PDUs) 

8.1  Supported  Transport  PDUs  (TPDUs) 

As  indicated  in  Table  16,  the  security  encapsulation  (SE)  TPDU  is  supported  for 
both  transmission  and  receipt,  for  the  connectionless  Transport  Protocol  (CLTP::)  and  all 
classes  of  the  connection  oriented  (COTP::). 


Table  16:  TPDUs  Supported 


Index  TPDU  Item  Status 


STl  SE  transmission  COTP  or  CLTP:m 
ST2  SE  receipt  COTP  or  CLTP:m 


8.2  Supported  Parameters  of  TPDUs 

Tables  17  and  18  indicate  which  parameters  are  mandatory  or  optional  when  a SE 
TPDU  is  issued  by  Transport  (COTP::  or  CLTP::). 
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Table  17:  Mandatory  Parameters  for  COTP,  CLTP 


Index  Parameter 


Ref 


SPIl  Key  Identifier  must  be  present.  6.2, 6.3 

SPI2  Bit  one  of  Protected  Header  Flag  must  8.2.2.2 
be  set  as  direction  indicator. 


Table  18:  Optional  Parameters  for  COTP,  CLTP 


Index 

Parameter 

Ref 

Status  Support 

SPI3 

Label 

8.2.2 

0 

Y N 

SPI4 

Pad 

8.2.2 

0 

Y N 

SPI5 

FSN 

8.2.3 

0 

Y N 

SPI6 

ICV 

8.2.4 

o 

Y N 

Transport  implementations  (COTP::  or  CLTP::)  shall  be  capable  of  receiving  and 
processing  all  possible  parameters  of  the  SE  TPDU  as  indicated  in  Table  19. 


Table  19:  Mandatory  Parameters  for  COTP,  CLTP 


Index 

Parameter 

Ref 

SPRl 

Key  Identifier  must  be  present. 

6.2,6.3 

SPR2 

Bit  one  of  Protected  Header  Flag  must  8.2.2.2 
be  set  as  direction  indicator. 

SPR3 

Label 

8.2.2 

SPR4 

Pad 

8.2.2 

SPR5 

FSN 

8.2.2 

SPR6 

ICV 

8.2.4 
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8.3  Allowed  Values  of  TPDU  Parameters 


The  following  tables  indicate  the  allowed  range  of  values  or  size  of  value 
representation  for  the  parameters  of  issued  or  received  TPDUs,  for  the  connectionless 
Transport  Protocol  (CLTP::)  and  all  classes  of  the  connection  oriented  (COTP::). 


Table  20:  Values  for  Parameters  of  Issued  TPDUs 
for  COTP,  CLTP 


Index  Parameter  Values 


AVIl 

Key  Identifier 

AVI2 

Prot  Header  Flags 

Label 

AVIS 

Defining  Authority 

AVI4 

Value 

Padding 

AVI5 

Length 

AVI6 

Value 

AVI7 

ICV 

Allowed  Supported 


1-254  octets 
"0"  or  "1" 


1 octet 
1-m  octets 


"1"  to  "254" 
1-254  octets 
1-indef  octets 


Table  21:  Values  for  Parameters  of  Received  TPDUs 
for  COTP,  CLTP 


Index  Parameter 


Values 


Allowed  Supported 


AVRl 

Key  Identifier 

1-254  octets 

AVR2 

Prot  Header  Flags 

"0"  or  "1" 

Label 

AVR3 

Defining  Authority 

1 octet 

AVR4 

Value 

1-m  octets 

Padding 

AVR5 

Length 

"1"  to  "254" 

AVR6 

Value 

1-254  octets 

AVR7 

ICV 

1-indef  octets 
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Note:  Field  sizes  for  the  parameters  of  the  protected  header  must 
meet  the  following  length  restrictions  for  TPDUs  issued  and 
received:  20  + (m+2)  + (Length +2)  <=  254  octets. 


9.  SUPPORTED  ALGORITHMS 

Table  22  identifies  the  set  of  confidentiality  and  integrity  algorithms  supported  by 
the  implementation. 


Table  22:  Supported  Algorithms 


Index  Item 

Ref 

Algorithm  Identifier(s) 

ALGl  Data  Encryption 

6.2.3 

ALG2  MAC  ICV 

6.3.1.3 

ALG3  MDC  ICV 

6.3.1.3 

10.  ERROR  HANDLING 
10.1  Security  Errors 

Tables  23  and  24  contain  the  mandatory  and  optional  security  error  actions  to  be 
taken  upon  receipt  of  an  SE  TPDU  corresponding  to  the  event  description.  In  addition, 
all  mandatory  actions  require  that  the  security  relevant  event  be  reported  to  systems 
management. 
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Table  23:  Mandatory  Security  Error  Actions  for  COTP,  CLTP 


Index  Event 


Ref 


SERI  An  improperly  protected  TPDU  received  shall  6.0 
be  discarded. 

SER2  A TPDU  with  an  invalid  key  identifier  shall  6.2.3 

be  discarded. 

SER3  A TPDU  with  an  invalid  ICV  shall  be  discarded.  6.3. 1.3 

SER4  A TPDU  with  an  invalid  direction  indicator  6.3.2.3 

shall  be  discarded. 

SER5  A TPDU  with  an  improper  label  shall  be  discarded.  6.5.3 

SER6  A TPDU  with  an  improper  pad  shall  be  discarded.  6.2.3 

SER7  A TPDU  with  a duplicate  sequence  number  shall  6.3.3. 1.2 
be  discarded. 

SERB  A TPDU  with  an  invalid  peer  address  shall  be  6.4 
discarded. 

Notes:  a)  In  item  SERI,  an  improperly  protected  TPDU  includes  both 
those  SE  TPDUs  where  non-negotiated  options  are  used,  and 
those  where  negotiated  options  are  not  used. 

b)  Item  SER7  applies  only  to  the  connection  oriented 
Transport  Protocol  (COTP::)  when  integrity  sequence  number 
space  and  truncation  protection  have  been  negotiated  for  C2, 
C3,  C4,  or  C4L. 


Table  24:  Optional  Security  Error  Actions  for  COTP,  CLTP 


Index  Event 


Ref  Action 


Allowed  Supported 


SER9  An  invalid  final  sequence  number 
detected  for  an  encapsulated  DR, 
DC,  or  ER  TPDU. 

SERIO  An  invalid  destination  address, 
inconsistent  with  that  negotiated 
for  the  associated  key  identifier, 
appears  on  an  encapsulated  TPDU. 


6.3.3.2.3  Local 
Matter; 
Audit 
Advised. 
None  Open 
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Note:  Item  SER9  applies  only  to  the  connection  oriented  Transport 
Protocol  (COTP::)  when  integrity  sequence  number  space  and 
truncation  protection  have  been  negotiated  for  C2,  C3,  C4, 

C4L. 

10.2  Protocol  Errors 

Table  25  identifies  the  protocol  error  actions  to  be  taken  upon  receipt  of  an  SE 
TPDU  corresponding  to  the  event  description. 


Table  25:  Protocol  Error  Actions  for  COTP,  CLTP 


Index  Event 


Ref  Action 


Allowed  Supported 


PERI  An  undefined  parameter 

encountered  in  the  protected 
header. 

PER2  Protected  header  parameters 
discovered  out  of  sequence. 

PER3  ESN  parameter  appears  in 
the  protected  header  of  an 
encapsulated  TPDU,  other 
than  DR,  DC,  or  ER. 


None  Open 

None  Open 
None  Open 
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APPENDIX  A:  SERVICE,  FUNCTION,  AND  PROTOCOL  RELATIONSHIPS 


The  SP4  standard  poses  a bit  of  a paradox.  Its  presentation  is  simple,  yet  a high 
degree  of  complexity  arises  when  considering  its  use  with  the  connectionless  Transport 
protocol  and  the  various  classes  of  the  connection  oriented  Transport  protocol,  in  light  of 
the  available  options.  This  complexity  becomes  more  evident  in  the  PICS  proforma,  since 
the  full  capabilities  of  the  protocol  must  be  expressed.  Perhaps  the  hardest  area  of  the 
proforma  to  reconcile  is  the  SP4  service  elements.  This  is  due  in  large  part  to  the 
somewhat  weak  service  elements  definitions  appearing  in  the  security  addendum  to  the 
OSI  reference  model.  The  following  guidelines  are  provided  as  an  aid  to  understanding: 

(1)  Connection  confidentiality  is  indicated  when  the  Transport  service  is 
connection  oriented  and  the  TPDUs  are  protected  accordingly. 

(2)  Connectionless  confidentiality  is  indicated  when  the  Transport  service  is 
connectionless  and  the  TPDUs  are  protected  accordingly. 

(3)  Connection  integrity  is  indicated  when  the  Transport  service  is  connection 
oriented,  and  the  integrity  sequence  number  space  and  per  connection  key 
granularity  options  are  in  effect.  If  recovery  procedures  are  included  in  the 
Transport  class  then  connection  integrity  with  recovery  applies. 

(4)  Connectionless  integrity  is  indicated  when  either 

(a)  the  Transport  service  is  connectionless,  or 

(b)  the  Transport  service  is  connection  oriented,  the  integrity  sequence 
number  space  option  is  not  in  effect,  and  the  per  end-system  key 
granularity  option  is  in  effect. 

(5)  Data  origination  authentication  is  implicit  since  a pair-wise  key  shared 
between  entities  is  used  to  decrypt  or  verify  the  integrity  check  value  on  an 
incoming  security  encapsulated  TPDU. 

(6)  Access  control  is  indicated  whenever  security  labels  are  employed  and/or 
other  access  controls  associated  with  the  cryptographic  association  have  been 
implemented. 

Once  the  service  elements  have  been  resolved,  the  remainder  of  the  PICS 
proforma  is  easier  to  digest.  In  particular,  the  underlying  support  functions  and  protocol 
may  be  mapped  directly  from  the  SP4  security  services.  The  following  sections  explain 
these  relationships  in  detail. 
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A.l  Relationship  Between  Services  and  Functions 

Table  26  below  gives  a mapping  between  OSI  security  services  provided  by  SP4  and 
the  associated  functions  needed  in  an  implementation.  The  consistency  between 
supported  functions  and  security  services  shall  be  maintained  accordingly. 


Table  26:  Mapping  of  Security  Services  to  Supported  Functions 


Security  Service 


Functions 


Confidentiality 
Connection  Integrity 


Connectionless  Integrity 


Data  Orig.  Authentication 


Access  Control 


data  encipherment 
padding 

integrity  sequence  number  space 

integrity  protection 

reflection  detection 

final  sequence  number  check 

padding 

integrity  protection 
reflection  detection 
padding 

verification  of  peer  address 
security  encapsulation 
use  of  either: 

integrity  protection 
or  data  encipherment 
explicit  security  labeling 
secure  multiplexing 
security  encapsulation 


A.2  Relationship  Between  Services  and  Protocol 

Table  27  gives  a mapping  between  OSI  security  services  provided  by  SP4  and  the 
SE  TPDU  protocol  control  information  (PCI)  and  parameter  fields  employed  by  the 
underlying  security  mechanisms.  The  consistency  between  supported  security  parameters 
and  SE  TPDU  parameter  fields  shall  be  maintained  accordingly. 
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Table  27:  Mapping  of  Security  Services  to  SE  TPDU  Parameters 


Security  Service 

TPDU  Parameters/PCI 

Confidentiality 

encrypted  data 
pad 

Connectionless  Integrity 

integrity  check  value 
direction  indicator 

Connection  Integrity 

pad 

integrity  check  value 
direction  indicator 

Data  Orig.  Authentication 

DT/ED  send  sequence  number 

final  sequence  number 

pad 

peer  address 
key  identifier 

key  identifier  employed  in: 
integrity  check  value 

Access  Control 

or  encrypted  data 
security  label 
key  identifier 

key  identifier  employed  in: 
integrity  check  value 
or  encrypted  data 
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